Privacy Policy
This Privacy Policy explains how Locki ("we", "our", or "us") collects, uses, and protects information when you use our browser extension, admin dashboard, and website. Your privacy is foundational to our product — we built Locki so that the most sensitive data never touches our servers.
1. Information We Do Not Collect
Locki is designed with privacy at its core. We do not collect, store, or transmit your encrypted data, plaintext content, or any sensitive communication. All encryption and decryption happen locally in your browser — no plaintext is ever sent to our servers or third parties.
2. Information We May Collect
When you create an organization account or use the admin dashboard, we collect the minimum information necessary to operate the service: your email address, name (if provided), organization name, and authentication tokens. We also store encrypted key material (never plaintext keys) and audit log metadata (actor email, action type, timestamp, and context — never the plaintext content being encrypted).
2a. Organizational Data
For Teams Pro customers, we store organizational structure information: user email addresses, group memberships, role assignments, and key version history. This information is used solely to operate the team key distribution and access control features. It is never sold, rented, or used for advertising.
3. Cookies and Analytics
Our public website may use limited cookies or analytics tools such as Google Analytics to understand visitor trends and improve usability. These tools collect anonymous, aggregate information — never your encrypted content, personal text, or private data.
3a. Payment and Billing Data
Subscription payments are processed by Lemon Squeezy, a certified payment processor. Locki never stores your payment card details. We retain only subscription status and billing identifiers necessary to manage your subscription.
4. How We Use Information
Any information we hold is used exclusively to:
- Operate and secure the Locki extension and admin dashboard
- Distribute encrypted org keys to authorized team members
- Provide audit logs and compliance visibility within your organization
- Process subscription payments and manage billing
- Respond to support requests and improve the product
5. Sharing of Information
We do not sell, rent, or share your personal or organizational information with advertisers or external services. We share data only with essential service providers (Lemon Squeezy for payments, Resend for transactional email) under strict data processing agreements. Information may also be disclosed if required by applicable law.
6. Data Security
We apply industry-standard security measures: encrypted key storage, JWT-based authentication with short-lived access tokens, and strict organizational data isolation. No plaintext key material or encrypted content is stored on our servers. Your encryption keys are stored encrypted with AES-GCM, under keys that never leave your device.
7. Your Rights
You have the right to access, correct, or delete personal data we hold about you. Organization admins can request a full data export or deletion of their organization's data via the dashboard or by contacting us at contact@lockisecurity.com. We process all requests promptly.
8. Policy Updates
This Privacy Policy may be updated periodically to reflect product changes or new legal requirements. Any revisions will be posted on this page with the latest revision date at the top.
9. Contact Us
If you have any questions, concerns, or feedback about this Privacy Policy, please contact us at contact@lockisecurity.com.
Last updated: April 15, 2026